Schedule

Description

Go to the cité du vin to share pastries before attacking the conference day

10h00 - 10h30

Keynote

talk presented by

Yassir KAZAR

Description

Opening of the conference day by CEO and co-founder of Yogosha

10h30 - 11h15

AFL, QBDI et KSE sont sur un bateau...

talk presented by

Gabrielle Viala

Description

KSE is a Windows kernel component enabling legit hooks on drivers' API
calls. Its situation makes it a perfect target for vulnerability
research. This talk aims at presenting an uncommon but efficient,
somewhat fun but really painful way to audit such a component by fuzzing
it with AFL and a DBI.

11h20 - 12h05

Introducing the OWASP ZAP HUD

talk presented by

Simon Bennetts

Description

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular and best maintained free and open source security tools. It has a powerful desktop UI, a highly functional API and is used by everyone from people new to security, including developers and QA, right up to professional pentesters.
It’s also more complex for newcomers than we would like.
We are therefore introducing a new Heads Up Display (HUD) interface which overlays data and controls for ZAP over the web based application being tested.

Description

This talk will focus on the macOS/iOS heap from an exploitation point of view. Tons of
papers exist on glibc and Windows allocators but very few on the macOS/iOS one and, worse,
some are even wrong. We will try our best to describe how it really works, which attacks
it mitigates, how to debug it and finally how to exploit it.